NCrypt - NMRC File Encryptor / Decryptor / Wiper

NCrypt is intended to give you security in an insecure environment. If you
are wanting to encrypt files (particularly on a multi-user system where you
don't have root), wishing to hide your activites from prying eyes, and want
to "cover your tracks", then NCrypt is for you. It is a symmetrical file
encryptor/decryptor that gives you the choice of the top three candidates for
AES as the encryption algorithm (Rijndael, Serpent, Twofish), tries to minimize
exposure of the plaintext password in memory, and can safely erase the
plaintext version from the hard drive. It compiles without any extra crypto
libraries, making it ideal for systems where you just have a compiler and
basic libraries (such as an ISP's shell server).

Features

Open-source freeware.

Unix and Win32 versions available.

Should compile on any platform that supports standard C libraries (no
dependencies upon crypto libraries). Currently supported are Linux platforms,
although users report successful compilation on *BSD flavors.

Use Rijndael, Serpent, or Twofish as the crypto algorithm. Rijndael is
the AES selected candidate, Serpent came in second, and Twofish third. For
details on AES and the selection process, check out http://csrc.nist.gov/encryption/aes/ for more information.

The plaintext password is converted to a SHA-1 hash and immediately
wiped from memory.

Once the SHA-1 hash is used to make a key for encryption, the SHA-1
hash is wiped from memory.

Optionally during encryption, the original unencrypted file can be
erased with the drive space it occupied being overwritten in one of two ways --
either using the recommended methods from DoD standard 5220.22-M chapter 8, or
using techniques outlined in Peter Gutmann's 1996 paper
Secure Deletion of Data from Magnetic and Solid-State Memory. A "wipe-only"
option is also available that is indepedent of the encryption process, for
those times when you need to get rid of a file permanently without keeping
an encrypted copy. The Unix version supports wiping of file slack as well.

NCrypt implementation by Simple Nomad [thegnome at nmrc.org]. Extensive code
review by Inertia [inertia at nmrc.org].
Additional coding by Todd MacDermid [tmacd at
synacklabs.net]. Based upon code by Joh Johnson, which was taken from code by
Gary Rancier, as well as code taken from Dave Whiting's Twofish
implementation. Other code is based upon sample code from the excellent book
"Building Secure Software" by John Viega and Gary McGraw.